Josephine Wolff Headshot

Josephine Wolff

Assistant Professor
Department of Public Policy
College of Liberal Arts

Josephine Wolff

Assistant Professor
Department of Public Policy
College of Liberal Arts

Education

AB, Princeton University; Ph.D., Massachusetts Institute of Technology

Bio

Josephine Wolff is an assistant professor in the Public Policy department at RIT and a member of the extended faculty of the Computing Security department as well as a fellow at the New America Cybersecurity Initiative. Wolff received her Ph.D. in Engineering Systems: Technology, Management and Policy and M.S. in Technology and Policy from the Massachusetts Institute of Technology, as well as her A.B. in Mathematics from Princeton University.

Her research interests include cybersecurity law and policy, defense-in-depth, security incident reporting models, economics of information security, and insurance and liability protection for computer security incidents. Her book You'll See This Message When It Is Too Late: The Legal and Economic Aftermath of Cybersecurity Breaches was published by MIT Press in 2018. She writes regularly about cybersecurity for Slate, and her writing has also appeared in The New York Times, Wired, The Atlantic, Scientific American, The New Republic, Newsweek, and The Washington Post.

Google Scholar Profile


Areas of Expertise
Cybersecurity Policy
Economics of Information Security
Security Measurement

Currently Teaching

PUBL-703
3 Credits
The focus of this course is on evaluation of program outcomes and research design. Students will explore the questions and methodologies associated with meeting programmatic outcomes, secondary or unanticipated effects, and an analysis of alternative means for achieving program outcomes. Critique of evaluation research methodologies will also be considered.
PUBL-363
3 Credits
Why are we still so bad at protecting computer systems? Is it because we don’t have good enough technology? Or because we lack sufficient economic incentives to implement that technology? Or because we implement technologies but then fail to use them correctly? Or because the laws governing computer security are so outdated? Or because our legal frameworks are ill-equipped to deal with an international threat landscape? All these reasons—and others— have been offered to explain why we seem to see more and more large-scale cybersecurity incidents and show no signs of getting better at preventing them. This course will examine the non-technical dimensions of this problem—the laws and other policy measures that govern computer security threats and incidents. We will focus primarily on U.S. policy but will also discuss relevant policies in the E.U. and China, as well as international tensions and norms. The central themes of the course will be the ways in which technical challenges in security can be influenced by the social, political, economic, and legal landscapes, and what it means to protect against cybersecurity threats not just by writing better code but also by writing better policies and laws.

Latest News

Select Scholarship

Full Length Book
Wolff, Josephine. You'll See This Message When It Is Too Late: The Legal and Economic Aftermath of Cybersecurity Breaches. Cambridge, MA: MIT Press, 2018. Print.